[mythtv-users] ssh attack

Robert Kulagowski bob at smalltime.com
Fri Dec 30 00:02:18 EST 2005

>>This of course won't happen behind a properly configured firewall, correct?
>>Darren Hart wrote:
>>>I'm sure nobody here is dumb enough to do this, but since I was,
>>>thought I'd pass the word.
>>>There is an ssh attack going around with a brute force login using
>>>2187 different username/password pairs, one such pair happens to be:

If you need to use ssh from outside your firewall, you could do what
I've done; get rid of a password-based logon altogether and use public
/ private keys.

Since I use putty at work, it's what I'm familiar with.  In a Windows

1) Download putty, puttygen and pageant from

2) Run puttygen to generate a public / private keypair.
3) Take the public key portion (it's just text) and paste it into
4) Edit /etc/pam.d/ssh and look for the line:
# Standard Un*x authentication.
@include common-auth

Put a "#" in front of @include common-auth so that it's:
#@include common-auth

This will restrict ssh from looking at /etc/passwd and /etc/shadow
5) Create a passphrase for the key that you just created.  Take the
private key that puttygen created for you and save it.  You'll need it
_every_ time you login from that point on, even internally.  If you're
using putty, you'll need to provide the filename in connection > ssh >
auth when you're setting up your connection profile.
6) If you don't want to keep typing your passphrase every time, load the
private key into pageant; you type it in once, and then if you use putty
to login, pageant will supply the passphrase automatically.
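
Added example, not part of the original post: a shell check that reports whether the `@include common-auth` line from step 4 is still active in the PAM file. It also reads `PasswordAuthentication` from an sshd_config file, which the post does not mention and is included here as an assumption about a second place password logon is controlled. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit whether password logon is still reachable over ssh.
# Not covered: sshd_config "Match" blocks and keyboard-interactive keywords.

# pam_common_auth_active FILE
# Succeeds if FILE has an uncommented "@include common-auth" line (step 4 not applied).
pam_common_auth_active() {
    grep -Eq '^[[:space:]]*@include[[:space:]]+common-auth([[:space:]]|$)' "$1"
}

# sshd_option FILE KEY
# Prints the first value set for KEY, lowercased. sshd uses the first value it
# reads for a keyword, keywords are case-insensitive, and "KEY=value" is accepted.
sshd_option() {
    awk -v key="$2" 'BEGIN { FS = "[ \t=]+" }
        { sub(/^[ \t]+/, "") }
        /^#/ || NF == 0 { next }
        tolower($1) == tolower(key) { print tolower($2); exit }' "$1"
}

# audit_ssh_password_auth PAM_FILE SSHD_CONFIG
# Prints both settings; succeeds only when password logon is off in both places.
audit_ssh_password_auth() {
    if pam_common_auth_active "$1"; then pam=active; else pam=disabled; fi
    pw=$(sshd_option "$2" PasswordAuthentication)
    [ -n "$pw" ] || pw=yes      # OpenSSH default when the keyword is unset
    echo "pam_common_auth=$pam sshd_password_auth=$pw"
    [ "$pam" = disabled ] && [ "$pw" = no ]
}

# Constructed sample files (not from a real host): the PAM file as it looks
# after step 4, plus an sshd_config that also turns password logon off.
demo_dir=$(mktemp -d)
printf '%s\n' '# Standard Un*x authentication.' '#@include common-auth' \
    > "$demo_dir/pam_ssh"
printf '%s\n' 'PubkeyAuthentication yes' 'PasswordAuthentication no' \
    > "$demo_dir/sshd_config"

audit_ssh_password_auth "$demo_dir/pam_ssh" "$demo_dir/sshd_config"
```

On a real host, pass /etc/pam.d/ssh and the sshd_config path the server actually uses, and rerun the check after package upgrades that touch either file.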
